Lucene search
K

4 matches found

EUVD
EUVD
added 4 days ago6 views

EUVD-2026-40146

A path traversal vulnerability exists in the HTTP tool URL builder of googleapis/mcp-toolbox. When constructing downstream API requests, the URL builder substitutes user-controlled pathParams into the configured tool path and parses the resulting string as a relative URL. While it checks that the...

9.3CVSS5.8AI score0.00374EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 1:55 p.m.37 views

CVE-2026-6517 Mattermost Desktop App fails to restrict the allow list of domains which NTLM credentials are passed

Mattermost Desktop App versions =6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop App which allows any user on a server without the image proxy enabled to intercept other users credentials via embedding an image that...

6.3CVSS0.00187EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.11 views

PT-2026-49238

Name of the Vulnerable Software and Affected Versions Mattermost Desktop App versions prior to 6.1 Mattermost Desktop App version 5.5.13.0 Description The application fails to restrict the allow list of domains for NTLM credential forwarding. This allows a user on a server where the image proxy i...

7.7CVSS5.9AI score0.00187EPSS
Exploits0References6
NVD
NVD
added 2026/05/05 7:16 p.m.9 views

CVE-2026-42997

An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token which provides access to all OpenStack services Ironic is authorized for; o...

7.7CVSS0.0044EPSS
Exploits0References6
Rows per page
Query Builder